Issuer certificates, About issuer certificates – Avaya 3.7 User Manual


Using advanced features

238 Avaya VPNmanager Configuration Guide Release 3.7

4. From the Maintain Certificates list select the certificate that you want the VPNmanager
Console to use.

5. The default VSU certificate is identified by an asterisk in the MGR column. Although a
specific certificate may have other targets, as assigned through the IKE Certificate Usage
tab (see IKE Certificate Usage on page 240), the VPNmanager Console can still use it.

6. Click Use as Manager Certificate to make the VPNmanager Console a target of the
certificate.

Issuer certificates

Targets use an Issuer Certificate to authenticate a Signed Certificate. VSU targets can
dynamically store up to eight Issuer Certificates. Storage on VPNremote Client targets is only
limited by the amount of physical memory of the computer. Issuer Certificates must be installed
on targets before they are needed to authenticate a Signed Certificate. This section explains
how to retrieve and install Issuer Certificates for VSU targets. For information about installing
Issuer Certificates on VPNremote clients, see the VPNremote Administrator’s Guide.

About Issuer Certificates

The Signed Certificates stored in VSUs are X.509 public-key certificates. They’re used for
distributing a public-key of the VSU to targets (other VSUs, VPNremote Clients, and IKE
compatible clients). Every Signed Certificate identifies which Public Key Infrastructure (PKI)
System has signed it. However, targets must use a method to authenticate every Signed
Certificate they receive.

An Issuer Certificate may be called a “Signing Certificate” or “Certification Authority (CA)
Certificate.” Targets use an Issuer Certificate to authenticate a Signed Certificate. Therefore, the
Issuer Certificate must be from the same PKI System as the Signed Certificate, because the
Signed Certificate was signed by the issuer’s private key.

Figure 78 illustrates how Issuer Certificates fit in the scheme of signed certificate exchange.
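
The relationship described above, shown with the OpenSSL command line as an added example (not part of the Avaya manual and not a VPNmanager procedure): a Signed Certificate authenticates only against the Issuer Certificate of the PKI that signed it. The names pki-a-ca, pki-b-ca and vsu-1 and the throwaway lab directory are constructed for illustration.

```bash
# Added example: throwaway two-PKI lab; every name below is constructed.

# build_pki DIR: two unrelated Issuer (CA) certificates, plus one Signed
# Certificate for a hypothetical VSU "vsu-1" signed by pki-a-ca's private key.
build_pki() {
  local d=$1 ca
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' \
    '[dn]' 'CN=unused' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/lab.cnf"
  for ca in pki-a-ca pki-b-ca; do
    openssl req -x509 -config "$d/lab.cnf" -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$ca" -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
  done
  openssl req -config "$d/lab.cnf" -newkey rsa:2048 -nodes -subj "/CN=vsu-1" \
    -keyout "$d/vsu-1.key" -out "$d/vsu-1.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/vsu-1.csr" -CA "$d/pki-a-ca.crt" \
    -CAkey "$d/pki-a-ca.key" -CAcreateserial -days 1 \
    -out "$d/vsu-1.crt" 2>/dev/null
}

# authenticate ISSUER_CRT SIGNED_CRT: the check a target performs on receipt.
# Succeeds only if SIGNED_CRT chains to ISSUER_CRT and its signature verifies
# under ISSUER_CRT's public key.
authenticate() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CRT: the issuer name the Signed Certificate itself carries.
# This is only a claim; authenticate() is what proves it.
issuer_of() {
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253
}

lab=$(mktemp -d)
build_pki "$lab"
issuer_of "$lab/vsu-1.crt"
for ca in pki-a-ca pki-b-ca; do
  if authenticate "$lab/$ca.crt" "$lab/vsu-1.crt"; then
    echo "installed issuer $ca: vsu-1 certificate authenticated"
  else
    echo "installed issuer $ca: vsu-1 certificate rejected"
  fi
done
```

A target holding only the pki-b-ca Issuer Certificate rejects vsu-1, which is why the matching Issuer Certificate has to be installed before the Signed Certificate is presented.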
